diff --git a/libs/djblets/.gitignore b/libs/djblets/.gitignore new file mode 100644 index 000000000..8995381c0 --- /dev/null +++ b/libs/djblets/.gitignore @@ -0,0 +1,12 @@ +build +dist +djblets/static/* +Djblets.egg-info + +.coverage + +*.rej +*.orig +.*.sw* +*.pyc +.DS_Store diff --git a/libs/djblets/.reviewboardrc b/libs/djblets/.reviewboardrc new file mode 100644 index 000000000..65de3997f --- /dev/null +++ b/libs/djblets/.reviewboardrc @@ -0,0 +1,3 @@ +REVIEWBOARD_URL = "http://reviews.reviewboard.org" +REPOSITORY = "Djblets" +BRANCH = "master" diff --git a/libs/djblets/AUTHORS b/libs/djblets/AUTHORS new file mode 100644 index 000000000..ed824c56a --- /dev/null +++ b/libs/djblets/AUTHORS @@ -0,0 +1,34 @@ +Lead Developers: + + * Christian Hammond + * David Trowbridge + + +Contributors: + + * Alexander Artemenko + * Anthony Mok + * Ben Hollis + * Brad Taylor + * Cory McWilliams + * Dave Druska + * Hongbin Lu + * Hussain Bohra + * Jesus Zambrano + * Jim Chen + * Kalil Amlani + * Kevin Quinn + * Lee Loucks + * Micah Dowty + * Niklas Hambuechen + * Onkar Shinde + * Paolo Borelli + * Patrick Uiterwijk + * Raja Venkataraman + * Simon Wu + * Stephen Gallagher + * Steven MacLeod + * Surya Nallu + * Thilo-Alexander Ginkel + * Vlad Filippov + * Yazan Medanat diff --git a/libs/djblets/MANIFEST.in b/libs/djblets/MANIFEST.in new file mode 100644 index 000000000..e6d68fd9c --- /dev/null +++ b/libs/djblets/MANIFEST.in @@ -0,0 +1,5 @@ +recursive-include contrib * +recursive-include djblets *.txt *.html *.css *.js *.htc *.png *.jpg *.gif +include AUTHORS +include NEWS +include ez_setup.py diff --git a/libs/djblets/NEWS b/libs/djblets/NEWS new file mode 100644 index 000000000..e28c14a39 --- /dev/null +++ b/libs/djblets/NEWS @@ -0,0 +1,1543 @@ +version 0.7.16 final (27-July-2013): + This release contains security fixes in the datagrid. If you are using + the datagrid, it is recommended that you upgrade to this release. + + * JavaScript: + * autoSizeTextArea now cleans up its hidden proxy elements when + destroyed. + + * inlineEditor can be told not to focus a textarea by default by + setting 'focusOnOpen' to false. + + * modalBox can place itself in an element other than by + setting the 'container' option to the element. + + * modalBox takes a 'boxID' option that, if specified, will set the + ID of the modalBox element. + + * funcQueue now takes an optional context parameter for callback + functions. The callbacks will be invoked with 'this' set to that + context. + + * djblets.datagrid: + * Data pulled from the database and rendered into cells are always + escaped now. Custom columns can still override this by providing + their own rendering. This led to an XSS vulnerability. + + This is CVE-2013-4795. + + * Columns can now specify an image_class instead of an image_url. + This will render the icon as a
with the given CSS class name, + instead of rendering an . It's useful when using spritesheets. + + * Added a JavaScript reload() function that can be called on a + datagrid element to trigger a dynamic reload from the server. + + * djblets.extensions: + * Extensions can now specify their list of app directories. + + An Extension subclass can define an 'apps' member variable that, + like INSTALLED_APPS, lists the app module paths the extension + uses. These will each be added to INSTALLED_APPS when enabled, + and removed when disabled. + + If an extension does not provide 'apps', then this falls back + on the default behavior of only adding the extension's parent + app. + + * Extensions can now specify the author's URL. + + Extension.metadata can now specify an 'Author-home-page' field, + which points to the URL for the author's site. This is meant to + distinguish between the extension's URL, and the URL for the + person/company/organization that created the extension. + + * Improved the look and feel for extension configuration. + + The extension configuration pages now fit in with the admin UI + a lot better. They share much of the look of other admin UI + pages. + + Furthermore, when extensions are saved, there's now feedback + given to the user, instead of just simply re-rendering the page. + + * Improved the functionality for extension configuration. + + Extension configuration forms now contain all the functionality + of SiteSettingsForm. This include fieldsets and save blacklists + (which prevent a field from automatically being saved in the + extension settings). + + * Improved the list of available extensions. + + The list no longer causes part of the extension description + to be overlapped. It also shows the author of the extension, + and links back to the author's site. + + +version 0.7.15 final (26-May-2013): + * djblets.extensions: + * Extension classes can now define a 'metadata' variable to override + the package's metadata. This uses standard PyPI metadata fields. + Using this, single Python package can provide several extensions. + + * TemplateHooks subclasses can now override a new render_to_string + function to do their own processing and rendering, instead of + simply rendering the provided template_name. + + * The template_name parameter to TemplateHook is now optional. + + * The Django template loader cache is now reset when syncing + extension settings or enabling/disabling an extension. + + * djblets.webapi: + * Added a "is_webapi_handler" attribute to WebAPIResource. + + This allows for introspection from any middleware that's going + to call a view. It can test if this is set on the view to know + whether it's calling into an API handler. + + +version 0.7.14 final (6-May-2013): + * JavaScript: + * inlineEditor now emits a "cancel" event when pressing OK without any + modifications. Previously, there was no indication that it had + finished. + + * inlineEditor's "complete" event now has the initialValue parameter + (which comes after the new value) set correctly. Previously, it was + always the same as the value, making it hard to determine if + anything had changed. + + * $.fn.html() now works with setting empty strings. + + * djblets.gravatars: + * Added get_gravatar_url_for_email. + + This returns the gravatar URL for a given e-mail address, rather + than needing a User object. + + * djblets.webapi: + * The cache of known URI templates for a RootResource now works + properly when the path leading to the RootResource can change. + + * When serializing an object while using ?expand, any QuerySet + will be converted to a list. This prevents any changes from + happening between serializing and rendering. + + +version 0.7.13 final (26-April-2013): + * djblets.log: + * Added enhanced request logging. + + This supplements Python's logging functions (logging.info, etc.) + to take an optional request= parameter. When passed, the logging + information will show some additional details (by default, the + username and path) related to the log entry, helping with + debugging. + + * djblets.siteconfig: + * Changing and loading the site_static_url setting will now actually + cause static media files to be loaded from that URL. + + +version 0.7.12 final (19-April-2013): + * djblets.datagrid: + * Massively speed up datagrid rendering. + + The rendering code for datagrids had a flaw where it would + re-populate some state for every cell, and this could be very + expensive. It's now reused on all cells. + + We saw this with one application where a datagrid would take + 6 seconds to render. Now it takes 0.5 seconds. + + * djblets.extensions: + * Added an install_extension function to ExtensionManager. + + This can be used to install extensions dynamically from a file + or URL. + + Patch by Surya Nallu. + + * djblets.util.fields: + * CounterField now allows incrementing/decrementing by values other + than 1. + + Patch by Raja Venkataraman. + + * djblets.util.templatetags: + * The thumbnail and crop_image template tags now work with + Django Storage backends. + + * Added a save_image_to_storage function in djblets_images that + makes it easy to save image data to Storage backends. + + * djblets.webapi: + * Resources now consider both Last Modified and ETag headers + simultaneously when determining if a cached payload is still + valid. Previously, if the Last Modified timestamps were the same, + the ETag check would fail. + + +version 0.7.11 final (21-February-2013): + * General: + * Require Django 1.4.5 as a minimum. + + This is the latest security release of Django. For more information, + see https://www.djangoproject.com/weblog/2013/feb/19/security/ + + * djblets.extensions: + * "config/" and "db/" links for extensions are now generated + properly when specifying a custom SITE_ROOT. (Bug #2843) + + Patch by Raja Venkataraman. + + * djblets.log: + * Added an Admin UI setting for changing log levels. This is the + 'logging_level' setting in siteconfig, which controls + settings.LOGGING_LEVEL. + + Patch by Raja Venkataraman. + + * djblets.siteconfig: + * Added new 'list-siteconfig', 'get-siteconfig', and 'set-siteconfig' + management commands for manipulating siteconfig configuration + from the shell. + + +version 0.7.10 final (6-February-2013): + * djblets.util.fields: + * CounterField was failing to use the initializers for brand new + instances of a model, defaulting to None instead. + + Patch by Raja Venkataraman. + + +version 0.7.9 final (27-January-2013): + * JavaScript: + * modalBoxes now use z-indexes of 99 and 100 for the box and content, + instead of 11000 and 11001. + + * djblets.datagrid: + * Columns data by way of field access can now span field relationships. + For example, "some.other.object.field" can now be used. + + Patch by Alexander Artemenko. + + * djblets.extensions: + * Fixed a failure when clearing extension info. + + Extensions that weren't properly set up yet were causing a crash + when attempting to reload the list of extensions. + + * djblets.siteconfig: + * When loading the stored timezone, we're now longer setting + os.environ['TZ'] to that timezone. Instead, we're just activating + that timezone for Django only. + + This works around some problems with auto-reload threads (which will + still be on the default timezone instead of the loaded one) and + importing certain Python eggs, which would end up causing file + timestamps relative to different timezones. That would cause + autoreload to kick in prematurely and break any spawned processes. + + * djblets.webapi: + * Fixed a bug where list resources that had an unknown ID in the URL + could end up throwing an exception instead of returning a 404. + + Patch by Niklas Hambuechen. + + +version 0.7.8 final (19-December-2012): + * JavaScript: + * Fixed a crash when enabling/disabling an inlineEditor without an + edit icon. + + +version 0.7.7 final (16-December-2012): + * djblets.datagrid: + * Fixed a possible XSS exploit in datagrids. Patch by + Alexander Artemenko. + + * Failures during rendering the datagrid now results in a traceback. + + * djblets.extensions: + * Database evolutions are no longer applying using + evolve --hint --execute. This fixes unintentional database + changes elsewhere. + + * JavaScript: + * The second display of an inlineEditor no longer breaks the size + of the editor. + + +version 0.7.6 final (8-December-2012): + * JavaScript: + * inlineEditor now supports changing an "enabled" option, allowing + editors to start out enabled or disabled, or dynamically change + that state. + + Patch by Jesus Zambrano. + + * djblets.siteconfig: + * Siteconfig now handles old-style CACHE_BACKEND values and + new-style CACHES[cachename] dictionaries in hte 'cache_backend' + setting. + + * djblets.util.cache: + * Added normalize_cache_backend. + + This can take either an old-style CACHE_BACKEND or new-style + CACHES[cachename] and return a valid entry for CACHES['default']. + + * djblets.webapi: + * Added unregister_resource_for_model. + + This is useful for extensions that called register_resource_for_model. + + Patch by Steven MacLeod. + + +version 0.7.5 final (30-November-2012): + * djblets.siteconfig: + * Fixed a couple missing imports. + + +version 0.7.4 final (29-November-2012): + * djblets.siteconfig: + * The stored cache_backend setting is now deserialized into + settings.CACHES['backend']. This leaves other caches + unaffected and stops accessing settings.CACHE_BACKEND. + + +version 0.7.3 final (29-November-2012): + * This version contains all the fixes and functionality of 0.6.27. + + * General: + * Django 1.4.2 is now required. + + * All admin-related templates have been changed to better fit + the admin template structure and styles. This includes siteconfig + and logs. + + * djblets.extensions: + * Extension lists and state are now synchronized across + threads/processes/servers. + + * Extension subclasses now must capture all variable arguments + (*args, **kwargs) and pass them to the parent constructor. + + * URLHook, admin URLs, and API resource URLs are all now added and + removed properly when an extension is enabled or disabled. + + * djblets.util: + * Cache keys are now bound to the SITE_ROOT, if one is set, to + prevent leakage across instances. (Bug #2538) + + * Added DynamicURLResolver in djblets.util.urlresolvers. + + This can be added to a urlpatterns list to provide an entry point + for dynamically adding or removing URLs on a site. This is used + primarily for extensions. + + * djblets.webapi: + * API handler functions that specify allow_unknown=True in + @webapi_request_fields can now retrieve all extra fields as + an 'extra_fields' argument. + + * JavaScript: + * The jQuery dependency has been updated to 1.8.2, and + jQuery-UI to 1.8.24. + + * inlineEditor's animation speed has increased, and is now + customizable through options.fadeSpeedMS. + + * inlineEditor now does a better job of matching the parent + container's bounds. + + * inlineEditor no longer activates when simply selecting text. + Patch by Dave Druska. + + * Added a $.fn.retinaGravatar function that, on Retina-capable + displays, requests a larger gravatar for the given URL + specified in an . + + +version 0.7.2 final (26-September-2012): + * This version contains all the fixes and functionality of 0.6.24. + + * General: + * Styled all admin UI templates to add a "title" class to

page + titles. This affects extensions, log viewer, and siteconfig. + + * djblets.log: + * Fixed the columns to match the style of other admin UI columns. + + * djblets.pipeline: + * Our 'bless' compiler is now compatible with the latest versions of + pipeline. + + * JavaScript: + * modalBox's positioning is now properly centered. It was previously + just off-center a bit. + + +version 0.7.1 final (3-August-2012): + * Added the contrib directory to the source distribution. + + This solves a packaging problem when not using eggs. + + +version 0.7.0 final (2-August-2012): + * General: + * Djblets now requires Django 1.4.1+. + + * Added localized timezone awareness. Datagrids, log generation, + and various utility functions now operate in the user's + pre-configured local timezone. + + * Djblets now uses Django's standard static media support. + It looks for bundled media files using the static support. + Applications must have STATIC_URL, STATIC_ROOT, etc. configured + correctly. + + * djblets.datagrid: + * DateTimeColumn and DateTimeSinceColumn are now timezone-aware. + + * djblets.extensions: + * Added a framework for supporting loadable, configurable extensions + in Django-based sites. + + Extensions can be used to augment the functionality of a webapp. + Webapps can provide hooks in their codebase at any point they want + to extend. These can come in the form of template hooks, URLs hooks, + admin UI hooks, and other in-process hooks. + + A webapp will provide a single ExtensionManager, specifying the name + of a Python setuptools entrypoint. This entrypoint will be scanned + for any installed packages on the system that provide Extension + subclasses. Integration in the Administration UI is provided by + linking to the provided admin URLs. + + WebApps will typically only have a single ExtensionManager, but it is + possible for it to have multiple ExtensionManagers, allowing + different modules to provide their own extension mechanisms. + + Extensions themselves can depend on other extensions. Dependency + resolution happens automatically when enabling extensions. + + Extensions also have easy support for configuration forms in the + admin UI. All data is automatically loaded and stored in the + database. + + This is an experimental feature, and at this point we are not + guaranteeing compatibility between 0.7.x releases. 0.8 will have + a stable API. + + * djblets.util: + * ModificationTimestampField, http_date, and the the ageid filter have + been made timezone-aware. + + * Added a TimeZoneField, which displays all known timezones for + selection. The timezones come from the pytz module, which is now + a dependency of djblets. + + +version 0.6.29 final (27-July-2013): + * djblets.datagrid: + * Data pulled from the database and rendered into cells are always + escaped now. Custom columns can still override this by providing + their own rendering. This led to an XSS vulnerability. + + This is CVE-2013-4795. + + +version 0.6.28 final (20-February-2013): + * General: + * Require Django 1.3.7 as a minimum. + + This is the latest security release of Django. For more information, + see https://www.djangoproject.com/weblog/2013/feb/19/security/ + + * djblets.datagrid: + * Fixed a possible XSS exploit in datagrids. Patch by Alexander + Artemenko. + + * Failures during rendering the datagrid now results in a traceback. + + * djblets.util.fields: + * CounterField was failing to use the initializers for brand new + instances of a model, defaulting to None instead. + + Patch by Raja Venkataraman. + + +verrsion 0.6.27 final (24-November-2012): + * djblets.gravatars: + * The gravatar URL used for HTTPS connections now uses + https://secure.gravatar.com and not https://www.gravatar.com. + + * djblets.webapi: + * The allowed_mimetypes list in WebAPIResource is no longer + getting polluted with every WebAPIResource's allowed item and list + mimetypes. + + +version 0.6.26 final (5-November-2012): + * djblets.gravatars: + * Added a get_gravatar_url() function, which can be used to get + the URL for a user's gravatar without generating HTML. + + * Made gravatar support smart enough to choose an HTTP vs. HTTPS + URL, depending on what was used to access the page. (Bug #2768) + + * djblets.webapi: + * generate_etag() and serialize_*_field() functions now take a + request parameter. + + This requires that all callers update their serialize_*_field() + functions to take a **kwargs parameter. + + This breaks backwards-compatibility, but is a necessary change. + + * Resource handler functions that provide default values for + parameters can now expect those to be used. Previously, when + a parameter to the API wasn't provided, the value passed would + be None. + + +version 0.6.25 final (27-October-2012): + * General: + * Require Django 1.3.4. + + This is a simple release that just bumps our Django requirement, + in order to not have issues with consumers depending on the + latest security release in the 1.3.x branch. + + +version 0.6.24 final (25-September-2012): + * djblets.feedview: + * We now use the latest upstream of feedparser instead of an older + bundled version. This keeps us updated and prevents a security + issue with the version we shipped. + + +version 0.6.23 final (24-September-2012): + * General: + * We now require Django 1.3.3. + + Previous versions claimed to work with Django 1.1.1 or higher, + but for the remainder of the 0.6.x line, we plan to stay only on + Django 1.3.x. + + For Django 1.4+ support, use the latest 0.7.x releases. + + * djblets.util: + * Added djblets.util.humanize. + + This currently contains a humanize_list function. It's the same + as the template filter we provide, but is a bit nicer to include + and work with than a filter. + + * djblets.webapi: + * Added an Item-Content-Type header to web API responses for + list resources. + + This header contains the mimetype for the items in the list, making + it possible to determine what to use when fetching the items. The + documentation has been updated on how to use this. + + +version 0.6.22 final (31-July-2012): + * djblets.util: + * User and AnonymousUser are no longer imported globally in + the djblets_utils templatetags. This fixes some breakages in + apps that imported this file to get access to filters, but weren't + running in a Django settings environment. + + +version 0.6.21 final (24-July-2012): + * djblets.util: + * Fixed a bug with ifuserorperm and non-int IDs. + + +version 0.6.20 final (21-July-2012): + * djblets.datagrid: + * Improved performance of the datagrids. + + Datagrids now fetch all needed ForeignKey-related objects in one + go, instead of having one query per unique object. This can reduce + the query count substantially. + + * djblets.util: + * The ifuserorperm template tag now accepts both IDs and User + objects, allowing comparisons to be made without fetching the + User. + + +version 0.6.19 final (11-June-2012): + * JavaScript: + * inlineEditor no longer bubbles keypress events up. This helps prevent + problems with global key handlers being greedy. + + +version 0.6.18 final (5-June-2012): + * djblets.siteconfig: + * Settings form rows in the template now have IDs indicating the row + (in the form of "row-{{fieldname}}") and CSS class names + ("field-{{fieldname}}"). + + * Help text for fields are now marked as safe, so that the contents + aren't escaped. + + * The form's disabled_reasons is no longer assumed to be populated. + + * The initial field values are now always set. Previously, they would + only be set if the field type was a boolean, or the value didn't + evaluate to false, which broke numeric fields set to 0. + + * djblets.util: + * Added a json_dumps filter, which serialized a value to JSON. + + +version 0.6.17 final (2-April-2012): + * djblets.gravatars: + * Gravatars are no longer hard-coded to be jpegs. This was + breaking some gravatars. + + * JavaScript: + * inlineEditor now has a showRequiredFlag option for indicating if + a field is required. + + No validation is done on this, but an asterisk is displayed in + order to indicate that it's required. + + Patch by Yazan Medanat. + + * inlineEditor now indicates when its dirty state changes. + + A new "dirtyStateChanged" signal is emitted whenever the dirty + state changes, which happens as the result of a number of + different events. Looking up the dirty state is now cheaper, as + it's calculated when needed instead of on lookup. + + Patch by Jim Chen. + + +version 0.6.16 final (26-February-2012): + * djblets.datagrid: + * Removed an extraneous in the paginator. + * Fixed a compatibility issue with Django 1.4 in the queries. + + * djblets.util: + * Fix parsing of tokens in a blocktag in Django 1.4. + + We were failing to pass a tuple to parser.parse() when specifying the + end tags for a block tag. Somehow this never bit us before, but a + seemingly unrelated change in Django 1.4 triggered this broken + behavior, making all custom blocktags break. + + This led to some false-positives in other fixes, where it seemed that + removing custom tags starting with "if" solved things. In reality, it + didn't solve anything. It just masked the problem. + + This change should be compatible with all versions of Django. + + * djblets.webapi: + * Add support for resource-specific mimetypes. + + A common method for REST services is to have payloads returned with + resource-specific mimetypes. These can help to identify the format of + a payload (useful for automatic bindings) without having to inspect + the URI. + + This adds support for easily telling a resource to return such + mimetypes. If mimetype_vendor is specified, WebAPIResource can + populate the accepted mimetypes list with some + vendor/resource-specific mimetypes that will be used by default for + any responses. + + When there's a vendor mimetype, the resources will use the resource + names for the mimetypes, but these can be overridden using + mimetype_list_resource_name and mimetype_item_resource_name. + + * Accept "true" as a valid boolean value in the web API. + Patch by Jim Chen. + + +version 0.6.15 final (13-December-2011): + * djblets.pipeline: + * Replaced the djblets.compress module with djblets.pipeline. + + django-compress was deprecated shortly after our 0.6.14 release, with + django-pipeline being the successor. As such, we've decided to get rid of + the djblets.compress support and just replace it with equivalent pipeline + support. + + We're not aware of any projects this will break. + + * djblets.util: + * Fixed Django 1.4 compatibility. + + djblets.util.misc was importing RegexURLPattern from a location that + no longer worked. This has been updated to use the proper import path. + + +version 0.6.14 final (9-November-2011): + * djblets.compress: + * Added a new filters for django-compress that handles lesscss + (http://lesscss.org) files and automatically converts/deploys as + CSS. + + * Added new templates for django-compress that handles the + MEDIA_SERIAL suffix. + + * djblets.siteconfig: + * The settings template now allows fields to not have a label by + setting "fields_no_label" to True in the form class. Patch by + Hongbin Lu. + + * djblets.webapi: + * Fixed authentication failures when ":" was in the password. + Patch by Dave Druska. (Bug #2334) + + * djblets.util: + * The jQuery and jQuery-UI versions are now referenced in only one + place, in js/jquery.html and js/jquery-ui.html. Other templates + can include these and keep up-to-date with the versions Djblets + provides. + + Projects can override these templates to provide their own + hard-coded versions. + + In the next release, these will switch to the Google CDN by default. + + +version 0.6.13 final (7-October-2011): + * djblets.log: + * Include the HTTP method in the new page request logs. + + * djblets.util: + * Moved controlled_subprocess into djblets.util.contextmanagers. + + This makes it easier to selectively import on Python 2.4. + + * Fixed a syntax error in controlled_subprocess on Python 2.4 and 2.5. + + +version 0.6.12 final (6-October-2011): + * djblets.log: + * Allow logging page access times. + + If settings.LOGGING_PAGE_TIMES is set to True, page access times + (along with HTTP method, URL, and user) are logged. This can be + handy in tracking performance problems and blocked page loads. + + * djblets.util: + * Added a controlled_subprocess context manager for Python 2.5+. + + This is useful for using subprocess.Popen on a process that may end + up blocking. It ensures that a blocked process will terminate. + + This is experimental and may change in behavior, or move to a new + file. + + Patch by Mike Conley. + + * djblets.webapi: + * API authorization failures, misparsed headers, and authorization + attempts are now logged. + + +version 0.6.11 final (10-September-2011): + * djblets.testing: + * Added a new TestCase class and @add_fixtures decorator for + having fixtures specific to text functions. + + * djblets.util: + * Fixed defaults on counter fields on new model instances. + + Counter fields on new model instances were being set to 0, preventing + them from recomputing the next time they're accessed. This would + cause any new models to be incorrect. They're now initialized to + NULL instead. (Bug #2268) + + +version 0.6.10 final (20-August-2011): + * djblets.datagrid: + * Log failed attempts at finding cell templates, in order to aid + debugging. + + * djblets.feedview: + * Don't fail with an uncaught exception if loading an RSS feed fails. + (Bug #2189) + + If loading the RSS feed fails (if it's behind a proxy, for example), + feedview would raise an error. Now it provides the error data for + the caller to render. + + * djblets.log: + * Fixed a date range calculation bug in the log viewer. (Bug #2218) + + The "This Month" view in the log viewer was broken due to it + attempting to use the beginning of the date range calculated, which + was 0, instead of 01. Since we can assume the start of the month + will continue to be 1 for the foreseeable future, we can just + hardcode this and be safe. + + Patch by Lee Loucks. + + * djblets.util: + * Added a make_cache_key function for generating usable cache keys. + + The make_cache_key function generates a cache key guaranteed to be + able to fit inside the memcached key length restrictions. It will + generate a MD5 hash of the key if it exceeds the length. + + This is the same logic that cache_memoize uses to build the keys. + It can be used to perform other operations on that key. + + Patch by Vlad Filippov. + + * Allow JSONField to store up to 4GB of data on MySQL. (Bug #1481) + + JSONField on MySQL was hard-coding the "TEXT" column type, + allowing only 64KB of data. Now it uses the default for Django's + TextField, which is 4GB. + + This won't break compatibility with existing fields, but those + fields won't gain the benefits. To update an existing field on + MySQL, you will need to perform the following: + + ALTER TABLE table_name MODIFY field_name LONGTEXT; + + * Fixed a storage problem with large cache data. (Bug #1660) + + Large cache data was encoded incorrectly, causing anything stored to + become unloadable, meaning it'd have to be recomputed. This was due + to a string being stored for all but the last chunk, instead of a + string wrapped in a list. This affects any data that, after being + picked and zlib-compressed, is over 1MB in size. + + * djblets.webapi: + + * Make it easier to debug invalid data types in @webapi_request_fields. + + If using an invalid data type in the @webapi_request_fields listing, + you'd see a cryptic error being raised. Now the field is ignored + and an error is logged. + + +version 0.6.9 final (21-July-2011): + * djblets.auth: + * Add optional first and last name fields to RegistrationForm. + + * Prevent occasional errors when calling delete_test_cookie(). + + Sometimes validate_test_cookie() will work and then delete + delete_test_cookie() will throw an error. If the test cookie is + already gone from the session, we no longer care if it fails to + be deleted. + + * djblets.datagrid: + * Fixed an occasional crash due to id_list not being set. (Bug #1526) + + * Fixed an occasional rendering error caused by a 'None' object being + rendered. + + * Changing datagrid columns no longer loses the current page you're on, + or other view settings. Patch by Simon Wu. + + * djblets.util: + * Added a ifnotuserandperm template tag, which is the negation of + ifuserandperm. Patch by Hongbin Lu. + + * djblets.webapi: + * Add support for browser-side caching of webapi resources. + + WebAPIResource now has a few new properties and methods for handling + browser-side caching. Resources can handle Last Modified timestamps + or ETags, and generate them either based on fields or through custom + functions. + + This can speed up access to resources, improving performance both + client-side and server-side. + + * JavaScript: + * Prompt when canceling a dirty inlineEditor by default. (Bug #2096) + + inlineEditor now prompts the user if they cancel via Escape or the + Cancel button when the editor is dirty. The user has a chance to + change his mind instead of just losing everything he wrote. This can + be turned off per-inlineEditor. + + * Support Control-S for saving on inlineEditors. (Bug #1958) + + When editing a long block of text on an edit field, it's handy to be + able to save periodically. Now, pressing Control-S will now trigger a + save without closing the field. Patch by Hongbin Lu. + + +version 0.6.8 final (23-June-2011): + * djblets.datagrid: + * Fixed an occasional ValueError with the datagrid. + + On occasion, the "active" state of a column can sometimes be + True when the column isn't in self.datagrid.columns, which meant + it would throw a ValueError when trying to remove itself from the + list. We're more bullet-proof now. + + * djblets.gravatars: + * The gravatar templatetag no longer errors out if the provided user + is anonymous. + + * djblets.log: + * The "Logging to..." lines are now only logged when settings.DEBUG + is on. + + * djblets.util: + * JSONField no longer errors out if blank=False is used. (Bug #2015) + + * Fixed escaping of label names in label_tag() on newer versions + of Django. + + * djblets.webapi: + * Fixed a problem when settings.WEB_API_ENCODERS isn't set. + + Our fallback for when this setting wasn't set was broken, causing + new errors. + + +version 0.6.7 final (9-January-2011): + * djblets.datagrid: + * The datagrids now use a RequestContext when rendering cells, allowing + the columns or templates to access data from context processors. + + * djblets.siteconfig: + * The form body of a siteconfig settings page can now be replaced. + It's now stored in the "form_content" block. + + * SiteConfigurationManager no longer crashes if trying to clear + the cache for a SiteConfiguration that no longer exists. + + * djblets.testing: + * The Selenium test suite has been updated to support Django 1.2's + multi-database support. Previously, fixtures would fail to load + if using the new settings.DATABASES variable. + + * djblets.util: + * The @augment_method_from decorator wasn't properly calling up the + decorator chain, preventing some decorators from being invoked. This + has been fixed to ensure all decorators are called. + + * djblets.webapi: + * Due to the @augment_method_from breakage listed above, webapi + decorators could fail to add their own checks, causing various + problems in field checking and authentication. This is now fixed. + + * The Permission Denied (HTTP 403) errors being returned weren't + sufficient for clients that weren't authenticated. Now, an + unauthenticated client will instead see Not Logged In (HTTP 401) + errors. + + * The HTTP_AUTHORIZATION header is now checked on all requests. When + provided by the client, it will be used for authentication. This + means that clients can now force a login from their very first + request on, instead of requiring a HTTP 401 Unauthorized being + sent out first. + + This will also prevent multiple logins across different requests + from the same client, when the HTTP_AUTHORIZATION header is passed + on each request. This makes requests less heavy-weight and prevents + the last_login timestamp on the User from being updated on each + request. + + As part of this change, any webapps manually using the + @webapi_login_required decorator without the new resource code + will no longer support HTTP Basic auth. However, this was never + a supported feature anyway, and was more there by accident. + + * The 'api_format' parameter in requests is now treated specially + and doesn't trigger any invalid attribute errors during field + validation. + + * WebAPIResource.delete now uses get_object instead of fetching + the object directly, which simplifies the function and guarantees + that the correct object is used (especially when a resource + overrides get_object). + + * Redirects now preserve any special parameters ("callback", + "_method", "expand", and "api_format") passed to the request. + This works around problems in HTTP implementations that don't + allow the caller to know that redirects occurred (such as major + browsers), which would lead to this information being stripped and + the wrong results being returned. + + * The "expand" parameter for expanding links in payloads is now + supported for POST and PUT requests. + + +version 0.6.6 final (22-November-2010): + * djblets.util: + * Fixed a compatibility problem with JSONField and Django 1.1. It + was assuming support for Django 1.2's multi-database support. + + * Fixed multi-database support in Django 1.2 with JSONField, where + the default connection was always being used in one case. + + +version 0.6.5 final (20-November-2010): + * djblets.datagrid: + * MEDIA_SERIAL is now used for all the images in the datagrid + template. Patch by Ben Hollis. + + * djblets.util: + * Added a @root_url decorator for use with get_absolute_url + implementations, which appends SITE-ROOT to any returned URLs. + + * Added a CounterField for atomically updating counters. + + CounterField can be used to atomically increment or decrement + an integer stored in the database, on individual models or + on many models at a time. It's intended to substitute for + potentially expensive or numerous SQL queries that retrieve + counts of objects. + + * Updated the custom fields for Django 1.2 multi-database + compatibility. + + * djblets.webapi: + * Fixed a bug in serializing 'long' values in XML. + + * Resources now Vary on HTTP Accept, meaning that the browser won't + cache the wrong response type when accessing the same resource + with two different requested mimetypes. + + * Reduced the SQL query count for resources. + + * Fixed problems that could occur with URLs when serializing objects in + a list and when returning links. + + +version 0.6.4 final (14-September-2010): + * djblets.testing: + * An undefined variable error when using the Selenium test support + has been fixed. + + * djblets.util: + * Added an augment_method_from decorator for augmenting existing + functions. + + This allows a subclass to augment a parent class's function's + documentation and decorators. The existing decorators are + automatically inherited. Where this becomes useful is where you have + several classes that share common logic, but may need further + restrictions or new documentation. + + The defined function is meant to have an empty body (or 'pass'), + but it can contain code wich will be executed after the parent + function. No returned values will be used, however. + + * djblets.webapi: + * When serializing a dictionary in a webapi response into XML, we + now properly serialize keys that are integers. They are serialized + as . + + * Fixed a circular dependency that occured between resources.py, + encoders.py, and core.py (depending on which was first imported). + + * The User resource now accepts a '.' in the username. + + * List-only resources now always have their get_list function called, + regardless of whether it had list_child_resources defined. + + * Singleton resources (resources that exist as a single child item + with no object list) must now have the 'singleton' parameter set + to 'True'. + + * HTTP Accept mimetypes and ?api_format= are now supported properly + for resources. + + * Specifying api_format in POST requests now works. + + * Resource classes instances can now be queried by class, using + the get_resource_from_class function. + + * Resource classes can now be introspected: + + * Functions can list which error classes the client can expect + to receive using the @webapi_response_errors decorator. It can + be queried using function.response_errors. + + * The list of fields that can or must be specified for + HTTP GET/PUT/POST can now be queried. It can be queried using + function.required_fields and function.optional_fields. + + * Usage of @webapi_login_required can now be checked by accessing + function.login_required. + + * The list of fields on a resource should now be a dictionary, + which can include a description of the field. + + * The custom links on a resource can now be explicitly listed + by overriding the get_related_links function. + + +version 0.6.3 final (4-July-2010): + * djblets.testing: + * Fixed Selenium unit testing to properly skip the tests when + the Selenium server was down. + + * djblets.util: + * Added utility functions for HTTP Accept-based content negotation. + + This adds new get_http_requested_mimetype and get_http_accept_lists + functions for doing content negotiation using the HTTP Accept request + header. This header allows clients to tell the server which mimetypes + it accepts or explicitly forbids, based on priorities, so that the + server can send the right data. This can allow a single URL to return + various forms of data based on the client (HTML, PDF, JSON, etc.). + + The get_http_accept_lists() function parses the HTTP Accept request + header and returns sorted lists of acceptable mimetypes and + unacceptable mimetypes. These are sorted based on the priorities in + the header. + + The get_http_requested_mimetype() function takes a HttpRequest and a + list of supported mimetypes for that URL and then, based on the + results of get_http_accept_lists() and the supported mimetypes, + determines what mimetype the server should be using. If nothing is + supported, it will return None, and the server is expected to return + a HttpResponseNotAcceptable. + + * JavaScript: + * This adds some stuff to gravy to make sites work better on the + iPhone/iPad versions of Safari. A new $.proxyTouchEvents function + has been added, which causes touch screen events to be forwarded to + existing mouse event handlers. It's intended for basic use cases + where multi-touch events really don't need to be handled. + + * $.browser has been updated with a 'mobileSafari' check, making it + easier to determine whether we're running on the iPhone/iPad. + + * A workaround for jQuery bug #6446 has been implemented, which + basically fixes an issue with the result from $.offset() being + incorrect. + + * Tooltips are disabled on iPhone/Pad, as they're really not at all + useful and their hover events manage to get in the way of other + events. + + +version 0.6.2 final (13-May-2010): + * djblets.log: + * Fix a compatibility error with Python 2.4 and 2.5. + + +version 0.6.1 final (12-May-2010): + * djblets.webapi: + * Fixed a regression with the webapi auth handlers. They weren't + accepting the right arguments. + + +version 0.6.0 final (11-May-2010): + * djblets.datagrid: + * Fixed rendering issues with columns in the datagrids. + + Adding columns to a datagrid would cause odd rendering issues. This + was due to not including the 'last' flag (indicating the last + column, in order to position the Edit Columns column properly) in + the cache key. We now add the key, which allows the datagrid to + render properly when adding or removing columns. + + * Fixed over-caching of columns. + + There were a couple bugs where Djblets cached the rendered columns + too aggressively, causing links on cells to point to the wrong + addresses and columns to render incorrectly based on previous loads. + (Bug #1582) + + * djblets.log: + * Switched the logging setup code to use a WatchedFileHandler, + which automatically reopens the log files for writing when they're + deleting (such as after log rotation). + + * djblets.testing: + * Added the new djblets.testing module, which houses our old unit + testing helpers from djblets.util.testing. + + * Added new Selenium test suite support for automated browser + testing. + + * djblets.webapi: + * Added a new resource-based model for doing more RESTful APIs. + + This introduces a new class for easily creating RESTful URL resources + that can handle standard HTTP methods and return meaningful data in a + nicely constructed hierarchy. + + By using WebAPIResource, a site can offer a very clean set of URLs to + work with any object. + + There's a lot to this object, but it's all covered in the extensive + documentation in webapi/resources.py. + + +version 0.5.9 final (28-March-2010): + * djblets.util: + * cache_memoize now converts all keys to plain strings, instead of + allowing unicode to be passed to the backend. Not all cache + backends allow for unicode keys. + + * djblets.siteconfig: + * The same change for cache keys was made here as well. + + * djblets: + * Added ez_setup.py to the source distribution. + * Added djblets.__version__ and djblets.__version_info__. + __version__ is a variable containing the results of + djblets.get_package_version(), and __version_info__ contains + the version parts in a tuple. + + +version 0.5.8 final (27-March-2010): + * djblets.datagrid: + * Made many more speed improvements in the datagrids. + + This builds upon the previous set of improvements. + + We now parse and cache the cell and header templates before any + rendering is done, instead of doing it once per cell. + + We also cache cells by their displayed content, so that two cells + that would show the same rendered data will only render once. + This is especially useful for cells showing such things as + usernames. + + This can easily take seconds off the load of a heavy datagrid. + + * Objects in the datagrid with custom primary keys that aren't named + 'id' now work. + + * The Edit Columns icon is now a pencil instead of just "...', making + it easier to see it and figure out its purpose. (Bug #910) + + * djblets.feedview: + * The feedparser library is now only imported when needed. This + reduces startup time for requests by as much as a quarter of a + second, as feedparser is a very large library and takes time to + import. + + This should improve performance for any site that at all lists + djblets.feedview in INSTALLED_APPS, even for pages not making use + of feedview. + + * djblets.siteconfig: + * The stale settings issue appears to be fixed in this release. It + needs more testing in large deployments, but we've identified a + couple cases that would cause this problem and have fixed them. + + * The mail authentication information is now saved as plain strings + instead of unicode strings in order to fix a compatibility issue + with Python 2.6's HMAC library. + + * The SiteConfiguration's settings field is now read-only in the + Django administration UI in Django 1.2. + + * djblets.webapi: + * WebAPIErrors can now take HTTP status codes that will be sent to + the browser. These default to 400, though the built-in errors may + define different codes. + + This change does break backwards-compatibility if a client calling + the API makes the assumption that every result with a payload will + be an HTTP 200 OK. Clients shouldn't make these assumptions, but + it's possible that they do. + + * Added support for Basic HTTP Authentication. + + Clients making a call when not logged in to a restricted URL will + now get an HTTP 401 Unauthorized, along with a WWW-Authentication + header specifying that Basic Auth is to be used. + + Clients can use standard Basic Auth to pass credentials to any + URL requiring such authorization in order to log in. This removes + the need for special login URLs. + + This makes APIs more accessible to applications like wget or + curl. + + * Added an easy way to do pagination with the web API. + + API calls returning lists of data can now paginate the results, + returning only a certain amount of data. The results and the + total number of items across all pages will be returned. + + URLs are provided in the resulting JSON payload that point to the + previous or next queries. Callers can pass a 'start' parameter to + the URL to specify the first item's index (0-based), and + 'max-results' to specify the maximum number of items it wants in + that request (which may be capped server-side). + + +version 0.5.7 final (14-February-2010): + * djblets.datagrid: + * Columns in datagrids can now augment the queryset before actually + querying the database. This allows them to prefetch information + instead of having to do a query per-row. + + This also now by default globally caches the resulting data in + Column.render_data if displaying a foreign key. This means that if + several rows are all referencing the same User object, for instance, + there will be only one query for that object instead of one per row. + + * djblets.log: + * Add a title to the Server Log page. + + * djblets.util: + * Fixed image cropping with the new Django storage support. + + Python Image Library was confused about the format to save the + resulting image in when cropping. We now pass in the appropriate + format in order to allow it to save. We also log any failures that + may come up. (Bug #1396) + + * JavaScript: + * Allow the classes in modalBox to be customized on a per-instance + basis, allowing for more custom types of modalBoxes (such as a + specially stylized help box). Patch by Hussain Bohra. + + * Added a new $.fn.scrollIntoView function. This will ensure that the + target element is visible on-screen. + + +version 0.5.6 final (15-November-2009): + * djblets.auth: + * RegistrationForm now takes in a request. + * Extra context can be passed to the template for the registration + form. + + +version 0.5.5 final (22-October-2009): + * JavaScript: + * Fix a bug on Internet Explorer when setting the white-space + property on an auto-size text area. (Bug #1349) + + +version 0.5.4 final (4-October-2009): + * djblets.datagrid: + * Compatibility updates for the Django 1.2 development branch. + + * JavaScript: + * On Google Chrome, the text areas would grow by a line with every key + pressed. Patch by Cory McWilliams. (Bug #1145) + + * On Safari 4, the text areas wouldn't auto-resize based on text. + + * On Firefox, the text areas would shrink too much when deleting text. + + +version 0.5.3 final (17-September-2009): + * djblets.siteconfig: + * Updated to work with Django 1.1's admin UI stylesheets. + + +version 0.5.2 final (15-September-2009): + * General: + * Added copyright and MIT license headers to all files. + + * JavaScript: + * inlineEditors now prevent the event from bubbling up when + clicking their target element. This means that a target element + inside of an will no longer cause the page to + change when clicking the element. (Bug #1221) + + * djblets.auth: + * Deleted the password recovery code. It was intended for use in + an old version of Django and has since been supplanted by + Django. We don't believe anyone is using it or should be + encouraged to use it. + + * djblets.log: + * Added a Server Log view for administration UIs. This is used + to display the server log (using the Python logging defaults from + djblets.log). The log is filterable and sortable. + + * Exceptions are now logged when using LoggingMiddleware. When an + exception occurs, the stack, username and URL are logged. + + * djblets.util.misc: + * cache_memoize will now always ensure that cache keys will never + exceed the maximum key length. If the key is larger, an md5sum + of the key is used instead. Patch by Thilo-Alexander Ginkel. + + +version 0.5.1 final (2-August-2009): + * JavaScript: + * Added a clear() function to $.funcQueue(), which clears the + queue and prevents any further processing until it's next started. + + * djblets.util.filesystem: + * Added the new djblets.util.filesystem for filesystem-related + functionality. + + * This currently contains is_exe_in_path, which checks if an + executale exists in the system path. This will do intelligent + file extension determination. It expects an application name without + a file extension (such as "cvs") and will append the ".exe" on + Windows. This is an improvement over the method we used in Review + Board before where we blindly searched for "cvs" (which could in + theory exist yet not be an executable) on Windows, or "cvs.exe" + (which could in theory exist yet not be an executable) on Linux. + + +version 0.5 final (20-June-2009): + * Final release of Djblets 0.5. + + This release was made to go alongside Review Board 1.0. While Djblets + works its way to its own 1.0, we will attempt to not break any existing + API. However, it is important to note that Djblets is not API frozen + at all yet. + + We advise developers to continue to work against Djblets SVN/nightlies, + but to base production applications on 0.5. + + +version 0.5 rc2 (13-June-2009): + * General: + * Properly list the license as MIT, not GPL, in setup.py. + (Bug #1120) + + * JavaScript: + * Prevent funcQueue.start() from being called when the queue is + already started. + + * djblets.datagrid: + * Added speedups when sorting columns. We used to generate an SQL + query that pulled in all information in the order specified by + the columns, but this could be slow for large data sets. We now + do the minimal query, retrieving only the object IDs, and then + fetch data on those specific IDs in a second query. The end result + is a significant speedup in rendering datagrids when used with + large amounts of data. + + * djblets.log: + * Fix logging when we're unable to write to the log file. We now + fall back on stderr. Patch by Paolo Borelli. + + * djblets.util.fields: + * Fixed a typo in a variable name that caused problems in JSONField + when getting data in an unexpected format. + + +version 0.5 rc1 (3-May-2009): + * JavaScript: + * Clicking the edit icons for inlineEditors no longer causes the + page to scroll in some browsers. (Bug #1057) + + * djblets.datagrids: + * Sped up the datagrids in some cases by always including related + objects (up to one depth level) in the query for the datagrid. + + * djblets.siteconfig: + * Prepended the site's domain to the siteconfig cache key, making it + possible to use multiple siteconfig-based apps on the same server. + (Bug #986) + + * Saving a SiteConfig didn't always cause other instances of that + SiteConfig on the server to reload, meaning that people would + sometimes have to restart the server to get settings to apply. + This is now fixed. + (Bug #734) + + * Removed a redundant key for the timezone. + + * djblets.util.templatetags.djblets_utils: + * The ageid filter now returns an empty string if passed 'None' as + the timestamp. + + +version 0.5 beta 1 (28-March-2009): + * JavaScript: + * Moved to using jQuery 1.3.2. + + * Small performance improvements in tooltip and modalBox. + + * The edit icons in an inlineEditor are now accessible, so they can + be activated by pressing the Enter key in Firefox. Patch by + Brad Taylor. (Bug #965) + + * djblets.util.fields: + * JSONField and Base64Field now properly serialize to a JSON file, + so long as the patch at http://code.djangoproject.com/ticket/9522 + is applied. + + * Objects saved in the admin UI that have a Base64Field no longer + causes garbage in the field. The fields are now saved properly. + (Bug #918) + + * djblets.gravatars: + * Added an "alt" attribute for the generated gravatar image, in order + to fix XHTML compliance. + + * djblets.datagrids: + * Fixed some XHTML validation errors. Patch by Onkar Shinde. + (Bug #932) + + +version 0.5 alpha 3 (15-February-2009): + * JavaScript Bugs Fixed: + * Fixed some major performance issues in autoSizeTextArea. + + * Fixed a bug with Safari and inlineEditor where Safari would + sometimes crash due to autoSizeTextArea. We now just disable + the autoSizeTextArea functionality. + + * inlineEditor no longer allows startEdit to be called when editing + is already enabled. + + * New Features: + * Added new set_etag, etag_if_none_match, etag_if_match functions + for working with ETags. + + * Added a new jQuery.fn.html() method that works around IE's broken + innerHTML implementation. innerHTML in IE would strip whitespace, + which was bad when inserting into 
 and